Skip to content

@PhantasmLab @Phantasm_Lab

Change the repository type filter

All

    Repositories list

    53 repositories

    • django-DefectDojo

      Public
      DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
      HTML
      BSD 3-Clause "New" or "Revised" License
      1.6k000Updated Sep 9, 2020Sep 9, 2020

    • AwesomeXSS

      Public
      Awesome XSS stuff
      JavaScript
      MIT License
      767000Updated May 5, 2019May 5, 2019

    • PayloadsAllTheThings

      Public
      A list of useful payloads and bypass for Web Application Security and Pentest/CTF
      Python
      15k000Updated Feb 17, 2019Feb 17, 2019

    • WhatWaf

      Public
      Detect and bypass web application firewalls and protection systems
      Python
      Other
      450000Updated Feb 8, 2019Feb 8, 2019

    • sslyze

      Public
      Fast and powerful SSL/TLS server scanning library.
      Python
      GNU Affero General Public License v3.0
      458000Updated Jan 31, 2019Jan 31, 2019

    • Brickcom-Surveillance-Exploit

      Public
      🎥 Brickcom Private Security Cam's Scan and Exploit Improper view DataBase 📺 Watching priv8 (records 📼) in real time from almost country's arround the world. Export: SMTP, FTP, SAMBA -> Credentials, Network Settings, Wifi Settings, Internet Settings, DDNS, all CCTV center control with MultiCameraSetSetting.cameraList)
      GNU General Public License v3.0
      5000Updated Jan 16, 2019Jan 16, 2019

    • AhMyth-Android-RAT

      Public
      Android Remote Administration Tool
      Smali
      GNU General Public License v3.0
      1.7k100Updated Dec 24, 2018Dec 24, 2018

    • NodeJsScan

      Public
      NodeJsScan is a static security code scanner for Node.js applications.
      Python
      GNU General Public License v3.0
      332000Updated Sep 19, 2018Sep 19, 2018

    • CloudFlair

      Public
      🔎 Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys.
      Python
      366000Updated Jun 28, 2018Jun 28, 2018

    • unzipper

      Public
      Small class to extract + compress .zip, .gz, .rar archives via browser.
      PHP
      GNU General Public License v3.0
      1.4k000Updated May 8, 2018May 8, 2018

    • brutespray

      Public
      Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
      Python
      MIT License
      386000Updated Apr 12, 2018Apr 12, 2018

    • retire.js

      Public
      scanner detecting the use of JavaScript libraries with known vulnerabilities
      Roff
      Other
      419000Updated Apr 7, 2018Apr 7, 2018

    • wfuzz

      Public
      Web application fuzzer
      Python
      GNU General Public License v2.0
      1.4k000Updated Mar 25, 2018Mar 25, 2018

    • SecLists

      Public
      SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
      PHP
      24k100Updated Mar 20, 2018Mar 20, 2018

    • RedXBlue

      Public
      a project created to simulate the environment with several security holes, to serve as a training platform for security researchers.
      PHP
      0400Updated Mar 3, 2018Mar 3, 2018

    • fuzzdb

      Public
      Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
      PHP
      2.1k000Updated Mar 3, 2018Mar 3, 2018

    • CSS-Keylogging

      Public
      Chrome extension and Express server that exploits keylogging abilities of CSS.
      CSS
      432200Updated Feb 20, 2018Feb 20, 2018

    • knock

      Public
      Knock Subdomain Scan
      Python
      867000Updated Jan 30, 2018Jan 30, 2018

    • patator

      Public
      Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
      Python
      GNU General Public License v2.0
      800000Updated Jan 8, 2018Jan 8, 2018

    • commix

      Public
      Automated All-in-One OS command injection and exploitation tool.
      Python
      831000Updated Dec 21, 2017Dec 21, 2017

    • zaproxy

      Public
      The OWASP ZAP core project
      Java
      Apache License 2.0
      2.3k000Updated Dec 20, 2017Dec 20, 2017

    • tplmap

      Public
      Server-Side Template Injection and Code Injection Detection and Exploitation Tool
      Python
      GNU General Public License v3.0
      679000Updated Nov 30, 2017Nov 30, 2017

    • wpscan

      Public
      WPScan is a black box WordPress vulnerability scanner
      Ruby
      Other
      1.3k000Updated Nov 15, 2017Nov 15, 2017

    • domain_analyzer

      Public
      Analyze the security of any domain by finding all the information possible. Made in python.
      Python
      241000Updated Nov 12, 2017Nov 12, 2017

    • kernelpop

      Public
      kernel privilege escalation enumeration and exploitation framework
      C
      130000Updated Nov 6, 2017Nov 6, 2017

    • Reptile

      Public
      LKM Linux rootkit
      C
      583000Updated Nov 3, 2017Nov 3, 2017

    • papers

      Public
      Some papers and talks that I have done
      C
      21000Updated Oct 28, 2017Oct 28, 2017

    • LaZagne

      Public
      Credentials recovery project
      Python
      GNU Lesser General Public License v3.0
      2k000Updated Oct 26, 2017Oct 26, 2017

    • dirsearch

      Public
      Web path scanner
      Python
      2.3k000Updated Oct 26, 2017Oct 26, 2017

    • unicorn

      Public
      Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
      Python
      Other
      815000Updated Oct 17, 2017Oct 17, 2017